• Loading...

Apache HTTPD-based Webservers

Discover with BMC ADDM
download

This product can be discovered by any edition of BMC Atrium Discovery and Dependency Mapping. Download our free Community Edition to try it out, or see what else it can discover!

What is this?
This is a product information page, containing details of the information that BMC Atrium Discovery gathers about a product and how it is obtained.
Product Names
Publisher Page
Category

Application Server Software Platforms

Release
TKU 2012-Mar-1
Change History

Apache HTTPD Based Webservers - Change History

Reports & Attributes

Apache HTTPD Based Webservers - Reports & Attributes

Publisher Links

Product Description

Apache HTTP Server

Apache HTTP Server is an extensible, efficient and secure HTTP server conforming to the HTTP standards. Apache HTTP Server is available on a large number of platforms including most Unix platforms, Windows, Mac OS X, NetWare, etc...

Apache is developed and maintained by an open community of developers - Apache Software Foundation.

Due to the extensible nature of Apache HTTP Server and its Open Source license, it has been taken and used as the base for a number of other Web server products, including IBM HTTP Server and Oracle HTTP Server.

In Foundation 6.x all of the Apache based web servers were stored as separate matchers; Thanks to the additional functionality offered by Foundation 7.0, we are now able to create all of the Software Instances for these products from within a single pattern - reducing the overall number of patterns and the risk of cross matching with similar patterns.

IBM HTTP Server

The IBM HTTP Server is a simple Web HTTP hosting server. It is based on the Apache Web Server provided by the Apache Group, it has been extended to include a number of additional features that as standard are not found in the normal Apache distribution or cannot be added at all.

At a high level, the main additional features found in IBM HTTP Server are...

  • Threading - IBM HTTP Server 2.0.x is compiled multi-threaded, optional in the Open Source version; this can cause issues with some non-thread-safe PHP extensions.
  • SSL - IBM HTTP Server contains SSL support built-in with IBM's GSKit Library.
  • LDAP - IBM HTTP Server can access an LDAP Server to obtain user and group authentication for the Webserver.
  • FastCache - IBM HTTP Server contains two enhancements to improve performance, firstly it includes a caching system on Windows and AIX which improves response times by caching pages into kernel memory for quick access.
  • FastCGI - The second enhancement IBM HTTP Server contains to improve performance is built-in FastCGI support, an open extension to CGI that defines a protocol to talk to persistent CGI programs via a socket.
  • Installation -IBM HTTP Server uses a Java installation process that is standard across all platforms and compatible with the SUN and GNU Java VMs, as such there is only one distribution package.
  • Source Code - IBM does not ship the source code for IBM HTTP Server, just the binaries, as such it has a dual license requirement, one for the Apache part of the software and the other for the IBM part.

Oracle HTTP Server

The Oracle HTTP server is a simple Web HTTP hosting server. It is based on the Apache Web Server provided by the Apache Group, it has been extended to include a number of additional modules that enable additional advance functionality specific to Oracle based Databases and Application Servers.

The Oracle specific enhancements that have been included as part of the application are...

  • mod_dms - This module enables you to monitor performance of site components with Oracle's Dynamic Monitoring Service (DMS).
  • mod_onsint - This module provides integration support with Oracle Notification Service (ONS) and OPMN (Oracle Process Manager and Notification Server).
  • mod_ossl - This module enables strong cryptography for Oracle HTTP Server.
  • mod_plsql - This module connects the Oracle HTTP Server to an Oracle database, enabling you to create Web applications using Oracle stored procedures.

HP HP-UX Apache-Based Web Server

HP-UX Apache-based Web Server is a total solution for web server deployment. The Open Source Apache Web Server 2.0 software developed by the Apache Software Foundation serves as the base for the HP-UX Apache-based Web Server. In addition to the base HTTP server, HP has combined numerous popular modules from other Open Source projects as well as provided HP value-added features just for the HP-UX platform.

  • Apache Web Server 2.0.43 from ASF, built with worker Multi-Processing Module (MPM)
  • Modules statically included: core, http_core, mod_so, worker
  • Other standard modules dynamically included: mod_access, mod_actions, mod_alias, mod_asis, mod_auth, mod_auth_anon, mod_auth_dbm, mod_auth_digest, mod_autoindex, mod_cache, mod_cache_filter, mod_cache_filter_in, mod_cern_meta, mod_cgi, mod_cgid, mod_charset_lite, mod_dav, mod_dav_fs, mod_deflate, mod_dir, mod_disk_cache, mod_env, mod_expires, mod_ext_filter, mod_file_cache, mod_headers, mod_imap, mod_include, mod_info, mod_log_config, mod_mem_cache, mod_mime, mod_mime_magic, mod_negotiation, mod_proxy, mod_proxy_connect, mod_proxy_ftp, mod_proxy_http, mod_rewrite, mod_setenvif, mod_speling, mod_ssl, mod_status, mod_unique_id, mod_userdir, mod_usertrack, mod_vhost_alias
    mod_deflate provides a filter to compress content from your server before sending it to the client. It can also decompress a gzip-compressed request body.
    mod_suexec allows CGI and SSI programs to run under user IDs different from the user ID of the web server.

Known Versions

Apache HTTP Server

  • 1.3.19-37
  • 2.0.40-59
  • 2.2.0-2.2.17

IBM HTTP Server

IBM have followed an inconsistent versioning standard for their HTTP server, they followed the Apache numbering system until 2004 where they then started following the Websphere numbering system.

  • 1.3.19-37
  • 2.0.40-59
  • 6.0.0 (December 2004)
  • 6.0.1
  • 6.0.2
  • 6.1.0
  • 7.0.0

Oracle HTTP Server

All the evidence we have suggests that Oracle follow the standard Apache Version numbering system.

  • 1.3.19-37
  • 2.0.40-59
  • 2.2.0-2.2.4

HP Apache-Based Web Server

  • 1.3.26.00
  • 1.3.27.00
  • 2.0.39.00
  • 2.0.42.00
  • 2.0.43.00
  • 2.0.55.00

HP-UX Apache-Based Web Server

  • 1.0.01.01
  • 1.0.05.01
  • 1.0.06.01
  • 1.0.07.01
  • 2.0.48.00
  • 2.0.59.07.02
  • 2.0.59.15
  • 2.2.8.01.01
  • 2.2.8.09

Software Pattern Summary

Product Component Pattern OS Type Versioning Pattern Depth
Apache HTTP Server ApacheBasedWebserver Unix Active, Path and Package Instance-based
Windows
IBM HTTP Server Unix
Windows
Oracle HTTP Server Unix Path
Windows
HP Apche-Based Web Server Unix Active
HP-UX Apche-Based Web Server Unix Active

Platforms Supported by the Pattern

The pattern supports identification and versioning of all Apache based webservers on all major platforms - Unix, Linux and Windows.

Identification

Due to the broad nature of the products, the fact that three different products can use the same binary to provide a service, the same binary can be found in a number of different forms with different names and that the product sometimes forks a separate process that could be named the same as its parent, we have chosen to have a number of different triggers that can be used to run the product. Once the pattern is triggered, we perform some additional checks that will allow us to understand what the process is doing and which product it is representing.

Software Instance Triggers

If any of the trigger conditions below are met then execution of the pattern's body will commence.

Trigger Node Attribute Condition Argument
DiscoveredProcess cmd matches unix_cmd 'httpd\d?'
or
windows_cmd 'httpd\d?'
or
regex '(?i)\bhttpd\d?[-_\.](?:prefork|worker)$'
or
regex '(?i)\bapache\d?(?:\.exe)?$'

Simple Identification Mappings

Name cmd matches args matches
Apache Webserver regex '\bapache\[^ \]*/(sbin|bin)/\[^ \]\*\bhttpd$' N/A
regex '\bapps/apache\[^ \]*/(sbin|bin)/httpd$'
Apache / Apache Variant Webserver regex '/usr/sbin/httpd$'
regex '\bapache\[^ \]*/(sbin|bin)/\[^ \]\*\bhttpd\[-_\]prefork$'
regex '/usr/sbin/httpd\[-_\.\](prefork|worker)$'
regex '/usr/sbin/httpd\d$'
regex '/usr/sbin/httpd\d\[-_\.\](prefork|worker)$'
regex '(?i)\bapache\.exe$'
regex '(?i)\bhttpd\.exe$'
regex '\bbin/httpd$' regex '\^.*-(d|f) \*\[^ \]\*/apache\b'
Apache Monitor (Windows) regex '(?i)\bApacheMonitor\.exe$' N/A
Apache Rotatelogs Process regex '(?i)\brotatelogs\.exe$'
regex '(?i)\brotatelogs$'
Oracle HTTP Server (Apache Variant) regex '/(orcl|ora\[\^/\]*)/\[^ \]\*/Apache/Apache/bin/httpd$'
regex '(?i)(orcl|ora\[^\\]*)\\.\*\bApache\\Apache\\Apache\.exe$'
IBM HTTP Webserver (Apache Variant) regex '\bIBM(HTTPD|IHS)\[^ \]*/bin/httpd$'
regex '\bIBM.*(\[H|h\]\[Tt\]\[Tt\]\[Pp\]|IHS).\*\b\[^ \]\*/bin/httpd$'
regex '\[Ii\]\[Hh\]\[Ss\]\[^ \]*/bin/httpd$'
regex '\bibmhttpd\b\[^ \]*/bin/httpd$'
regex '\bHTTPServer\b\[^ \]*/bin/httpd$'
regex '(?i)\bIBM.*(HTT|IHS).\*\b(apache|httpd).exe$'
regex '(?i)\[i\]\[h\]\[s\].*\b(apache|httpd).exe$'
regex '(?i)ibmhttpd.*\b(apache|httpd).exe$'
regex '(?i)\bHTTP\[ \]*Server.\*\b(apache|httpd).exe$'

Versioning

Version information for this product can be gathered using one of three possible methods.

Active Versioning

For all active version commands we first perform a check to ensure that we have a full command path before executing a command or parsing a binary file.

Regex used to check Windows path: (?i)(^\w:\\.+)\\\S+\.exe$
Regex used to check Unix path: (^/\S+)/httpd

We have identified two different ways to version these products, one of them for all Apache based Webservers, the other specifically for the IBM HTTP Server.

Before we execute the specific command we check the path of the command to see if it is a known IBM deployment, more information on how the check is performed can be found in the Publisher and Type Identification section and the list of regular expresions we use to check the path can be found within the IBM section of it.

IBM Specific Version Command

If the path identifies that the webserver we are dealing with is an instance of IBM HTTP Server we then perform the IBM Specific version command.

Windows

The command that is executed on Windows involves performing a find for the string '\"HTTP\"' in a file called "version.signature" which can be found in the directory above the location of the HTTP binary.

Executed command: findstr HTTP "%cmd_path%\\..
version.signature"

Unix

The command that is executed on Unix involves performing a grep for the string 'HTTP' on a file called "version.signature" which can be found in the directory above the location of the HTTP binary.

Executed command: cd %cmd_path%; egrep "HTTP" ../version.signature

Generic Apache Version Command

Unix

On Unix based systems we extract the version number of the HTTP server by parsing the binary that we triggered on using the strings command.

Executed command: strings %process.cmd% | egrep "Apache/" | head -n 1

The command returns the first line within the binary file that contains the string "Apache/", as the version information for Apache is stored as "Apache/x.x.x.x" we can be confident that the first instance of this string contains a valid version number.

For instances of Oracle HTTP Server prior to Oracle 10g releases and for HP Apache-based Web Server the binary still contains the Apache information , due to the fact that Oracle HTTP Server nad HP Apache-based Web Server is simply Apache repackaged with an additional set of modules.

Windows

If the path was not identified as an IBM HTTP Server deployment then a more generic command is executed, we run the triggered process with the argument "-version".

Executed command: "%process.cmd%" -V

Note: The executable is ran with quotes to get round the issue of running commands with spaces in the path under DOS/Windows CLI.

We have found that all of the approaches provides a version number up to four levels of depth, i.e. x.x.x.x.

Oracle HTTP Server Version Command

For Oracle HTTP Server from Oracle 10g onwards we get version information by executing the trigger process with the argument "-version". The versions returned are now based Oracle versioning and no longer on Apache versions

Executed command: "%process.cmd%" -V

Parsing of the Version Command Output

Because multiple Versioning Commands may be ran (Generic Command, and Oracle Command), we store all the results in a list, which may contain 1 to 2 elements. We then iterate through that list, and parse each result through a series of Regular Expressions, stopping when we find a match.

Regular Expressions employed to obtain Version (in the following order):

  • Apache/(\d+(?:\.\d+)*)
  • Server\s+(\d+(?:\.\d+)*)
  • (\d+(?:\.\d+)*)\s+Oracle-HTTP-Server
  • HP Apache-based Web Server/(\d+(?:\.\d+)*)
  • HP-UX_Apache-based_Web_Server/(\d+(?:\.\d+)*)

Path Versioning

If the Active Version Command does not return any version or publisher information then we attempt to parse the full command path against a regex to see if we can identify the publisher and/or version of the product.

As the pattern identifies multiple products from a single binary we have to ensure that any regex we use are specific to the actual product we are identifying, as such we use different regular expressions against the path

Path Regex: (?i)apache(?:_|/|-|\.|\\|)(\d(?:\.\d+)?(?:\.\d+)?(?:\-\d+)?)
Path Regex: (?i)/ihs\[-_\]?(?:(\d(?:\.\d+)?(?:\.\d+)?(?:\-\d+)?))
Path Regex: (?i)(\d+(?:\.\d+)*)[/\\]Apache

An additional processing technique is then used on the resulting value to normalise the version so that it is separated using periods rather than - or _.

Depending on the deployment of the product we have found that this approach provides a version number between one and four levels of depth, i.e. x through to x.x.x.x, and can sometimes include a separate build number as well.

Package Versioning

If neither the Active Command or Path regex return any version information then we check the installed packages to see if we can extract version information from one of them.

Package Regular expressions:

  • ^httpd
  • ^SUNWapchr$
  • ^SUNWapch2r$
  • ^SUNWapchu$
  • ^SUNWapch2u$
  • ^COVLapache
  • ^apache2
  • ^(?i)Apache HTTP Server
  • ^IBMHTTP
  • ^ISIHS
  • ^IHS6\.base$
  • ^(?i)IBM HTTP Server

If a single package is returned then the version number is taken from it and assigned to the Software Instance.

Where multiple packages are returned they are checked against a pre-defined preference list and the most 'trusted' package is used to version the Software Instance.

Package Preference:

  1. httpd
  2. SUNWapchr
  3. SUNWapch2r
  4. SUNWapchu
  5. SUNWapch2u
  6. COVLapache
  7. apache2

Alternative Versioning Approach

From the information we have, we believe that the versioning techniques we are using are accurate enough to be considered the best options for the current releases; future release may need to have additional techniques added to cover unforeseen circumstances or new features.

Future Considerations

The current versioning techniques provide broad scope and good depth in the majority of circumstances, as such we do not know of any further versioning techniques that would be beneficial for this product at this time.

The versioning techniques may need to be updated in the future if more commands become available or new/different packages are used during the installation.

Publisher and Type Identification

As mentioned above this pattern identifies and creates Software Instances for multiple products, the logic it uses to identify the specific product is as follows.

We perform both checks where possible to ensure we are capturing and presenting the correct information to the user.

Path Based Identification

We check each of the paths to see if it contains any information on the publisher of the product.
To perform these checks we build up a list of known regular expressions for each of the products, so we have one list for Apache, one list for IBM and one list for Oracle, we then iterate over these lists in sequence and check if the path matches one of the known regular expressions we create the appropriate attribute and exit, if none of the path regular expressions match the command's path we then move on to the next loop.

The list of path regular expressions and the order they are checked in is as follows.

Oracle HTTP Server Path Identification

The Oracle HTTP Server list is checked first as it is the most generic of the re-bundled HTTP servers, there are no uniquely identifying characteristics apart from the path that can be used to identify an instance of Oracle HTTP server.

Identification Regex: /(?:orcl|ora\[\^/\]*)/\[^ \]\*/Apache
(?i)(?:orcl|ora\[^\\]*)\\.\*\bApache

IBM HTTP Server Path Identification

The IBM HTTP Server list is the second one to be checked.

Identification Regex: (?i)IBM(HTTPD|IHS)
\b\[Ii\]\[Bb\]\[Mm\].*(\[H|h\]\[Tt\]\[Tt\]\[Pp\]|IHS)
(?i)ihs

Apache HTTP Server Path Identification

The Apache HTTP Server list is the final one to be checked.

Identification Regex: \bapache\[^ \]*/(?:sbin|bin)/\[^ \]\*\bhttpd$
\bapps/apache\[^ \]*/(?:sbin|bin)/httpd$
/usr/sbin/httpd$
\bapache\[^ \]*/(?:sbin|bin)/\[^ \]\*\bhttpd\[-_\]prefork$
/usr/sbin/httpd\[-_\.\](?:prefork|worker)$
/usr/sbin/httpd\d$
(?i)\\apache\.exe$
(?i)\\httpd\.exe$

Command Based Identification

In addition to version information we can also retrieve the publisher from the Active Versioning Command, to do this we parse the executed command's output with a simple regex to identify whether IBM, Apache or Oracle was found in the output.

The same information is presented on both types of Operating Systems (Unix and Windows) in the same format so we can use a single regex for both of them.

Publisher Regex: (?i)(ibm|hp-ux|hp|apache|oracle)

Application Model Produced by Software Pattern

Product Architecture

The webserver may be installed both as standalone as well as being included as a component of other business applications.

Single or multiple instances of the webserver could be running on a specific host, this is dictated by platform and configuration.

On Linux/Unix it is more common to find a forking instance of the webserver, it is started with a single httpd process, this then forks a number of children to assist in the handling of http requests.

On Windows it is more common to have a single process that manages all requests internally.

A single instance of the webserver can host more than one website at a single time using virtual hosts.

Software Pattern Model

The pattern is triggered on all processes that match the specified regular expressions; this will result in the pattern being triggered a number of times equal to the number of Apache based webserver processes running on a single host - not ideal where the running instance has forked children.

To ensure that only a single Software Instance is created for each truly unique running instance of the webserver, a further check is then made to ensure that the pattern continues only if the process is the parent process - if it is a child process, then the pattern stops.

The added advantage of performing this check is that it ensures that the commands are only executed when we are sure that we have a unique instance - making the pattern more efficient and saving time when scanning.

Thanks to this functionality and the multi step commands, we are able to create a Deep Software Instance.
As mentioned above, a check is performed to ensure that the process is a distinct webserver parent process, the additional information that is then used by the pattern to create a unique key is the arguments of the process.

When an Apache based webserver is started it either uses a default configuration or has a specific configuration set using the arguments. Using the '-f' and/or '-d' arguments you can identify the specific configuration of the webserver. The -f argument is used to identify a Config File, whereas the -d argument is used to identify the ServerRoot. When present, each argument is added as an attribute to the SI.

The Pattern also creates different Software Instances based on the information it has retrieved from the commands and/or path it queried.
The Software Instance Type is based on the returned publisher, so if 'IBM' was returned by a version command or was in the path then the Type would be set to "IBM HTTP Server", this information is also used in the key to create distinct Software Instances for each type of webserver running on a specific host.

SI Depth

The pattern creates an Instance-based Software Instance, its key being based on hashed value of Config file attribute, obtained SI type and host key. If Config file attribute is not obtained the pattern creates grouped Software Instance. Key group is based on hashed cmd line. If arguments line is present it is also added into key group.

Build

Build attribute is extracted from full version with help of regex:

  • _'-(\d+)$'_

Server root

Server root attribute is extracted in several different ways on Windows and Unix.

Windows

The pattern tries to extract server root from trigger' args or from its children processes using the following regex:

  • _'-d\s+(\"\w:.*?\"|\w:\S+)'_
Note: If several "-d" attributes present in arguments, the pattern extracts them all (2 instances are expected at most). In this case the last one contains the path to domain-specific configuration file and it should be considered as _server root_.

If this method fails, the pattern tries to extract server root from trigger command line using regular expression:

  • _'(?i)^(\w:.*)\\bin\\[^\\]*\.exe$'_

    UNIX

The pattern tries to parse trigger' arguments using regex:

  • _'-d (/\S+)'_

Should this method fail and active commands has succeeded, the pattern tries to extract server root from command output using regex:

  • _'(?i)-D HTTPD_ROOT\s*=\s*[\"\'](.*?)[\"\']'_

Config file

Config file attribute is extracted in several different ways on Windows and Unix. If extracted path is not fully qualified, it can be combined of <SERVER_ROOT><CONFIG_FILE>.

Windows

The pattern tries to extract config file from trigger' args or from its children processes using the following regex:

  • _'-f\s+(\".*?\.conf\"|\S+\.conf)'_

    If this method fails and if any of versioning commands was successful, the pattern tries to extract config file from the last obtained result:

  • _'(?i)-D SERVER_CONFIG_FILE\s*=\s*[\"\'](.*?\.conf)[\"\']'_

UNIX

The pattern tries to parse trigger' arguments using regex:

  • _'-f (\S+\.conf)'_

If this method fails, the pattern tries to extract config file using active command output, the same way as it is managed on Windows but it parses Unix-related command results.

Relationships Creation

Oracle e-Business

In the case that we are dealing with the Oracle HTTP Server, the pattern works on establishing a Relationship with Oracle E-Business Suite.

While the pattern doesn't actually model a Relationship with Oracle E-Business Suite, it creates the grounds on which the Relationship is based, by modeling the ebs_sid attribute.

This attribute is added to the Web Server SI, and represents the Database SID that E-Business Suite is working with.

In order to obtain it, the pattern extracts the contents of the -f Config File (either httpd.conf or httpd_pls.conf), and parses its content through a Regular Expression.

Regular Expression employed to extract Database SID: (?i)DocumentRoot *.+portal[/\\](.+)_

The ebs_sid attribute is going to be looked for by the Oracle E-Business Suite Pattern, in order to model a Relationship with the Web Server.

Associate processes

The pattern identifies all the child processes of the trigger process that created the SI and relates them to the SI via an associate relationship.

Website Software Components.

If ApacheWebsites.create_website_sc Configuration option is enabled (it is enabled by default) and config file attribute is set the pattern extracts httpd.conf file.
Then it extracts all websites VirtualHost zones and extracts the following attributes from each using appropriate regular expressions:

website attributeregexparsed node
website nameregex '\n\s*ServerName\s+(\S+)'website's VirtualHost zone
website aliasesregex '\n\s*ServerAlias\s+([a-zA-Z0-9\-\. ]+)'website's VirtualHost zone
website listening TCP socketsregex '\n\s*<VirtualHost\s+((?:(?:\d+(?:\.\d+){3}|\*)(?:\:\d+)?\s*)+)'website's VirtualHost zone
website listening IPsregex '^(\d+(?:\.\d+){3})'website's listening TCP socket
website listening portsregex '^\d+(?:\.\d+){3}:(\d+)'website's listening TCP socket

As there might be several VirtualHost zones for the same website, the pattern parses all related zones and only afterward models the Software Component of the following view:

The Software Instance has the following model in this case:

Subject Matter Expertise

SME feedback has been incorporated from the 6.x matchers to ensure correct identification and versioning of the Software Instances. Further feedback would be appreciated if it could further improve Pattern accuracy and scope for identification and versioning of the products.

Testing

This pattern has been tested against installations of all possible product types that can be created across multiple platforms, additional tests were performed against record data for other webservers to ensure that erroneous Software Instances were not created.

Open Issues

There are no known open issues with this pattern.

TOP

Created by: Nikola Vukovljak 15 November 2007
Updated by: Alex Kashkevich 20 March 2012

Skip to end of metadata
Go to start of metadata
Labels:
products products Delete
package_versioning package_versioning Delete
build build Delete
path_versioning path_versioning Delete
active_versioning active_versioning Delete
additional_attributes additional_attributes Delete
application_server_software_platforms application_server_software_platforms Delete
apache_foundation apache_foundation Delete
active_command active_command Delete
configuration configuration Delete
open_source open_source Delete
tku_2012-mar-1 tku_2012-mar-1 Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.